Preface

Recently I read several posts about automatically publishing articles on Nuggets. They do it by having a backend call the publishing interface directly, driven by a scheduled task. The downside is that they skip the step of logging in to Nuggets: the page's cookies are obtained manually and then handed to the program, which uses them to publish automatically. So today, from a technical point of view, I want to explore how the Nuggets login itself could be automated.

Main text

Let me start by stating that this is only a technical implementation.

1. Background of the question

During this article check-in activity, it can happen that an article is written and sitting in the draft box but I forget to publish it, which breaks the check-in streak. So I suddenly thought: could an automatic publishing function take over part of this work and solve the problem of missed publications?

Starting from the article publishing interface, let's first look at the logic of publishing an article on Nuggets:

  • A. A new article is saved as a draft and a unique ID is generated.
  • B. If the article is not published, it stays in the draft box and the article ID remains unchanged.
  • C. The article can be published successfully after the required tags are filled in.
  • D. After the article is published and approved, it will become readable and can be shared with others.

Here are the parameters and address of the publish interface:

  • Interface address: api.juejin.cn/content_api…
  • Request mode: POST
  • Request parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| draft_id | string | The article ID |
| sync_to_org | Boolean | Whether to synchronize |
| column_ids | list | Unknown |

Handling this kind of request in Python is simple, something like this:

```python
# Demonstration code only
import requests

publish_url = "https://api.juejin.cn/content_api…"  # path is truncated on this page
body = {"draft_id": "123456", "sync_to_org": False, "column_ids": []}
# The request carries no login state (no session cookie)
requests.post(publish_url, json=body)
```

Obviously that's not going to work, because the code does not include any login step. Let's take a look at how login is implemented on Nuggets.

2. Login methods

Objective: log in automatically when the user name and password are known.

  • Mobile phone verification code login

  • Account password Login

Since the verification code is obtained dynamically each time, verification-code login is not considered here. Third-party login is essentially a login to another account, so it is not considered either. That leaves only Nuggets account-and-password login to examine, so let's look at that.

After you enter the user name and password, a slider CAPTCHA is displayed, and you need to complete the verification manually.

It seems that the problem has reached a dead end here. My goal is automatic login, but of the several approaches I looked at, none gets around the human intervention.

3. Dig deep

When you think about it, a login is essentially a POST request, which means the request can be sent by a program. Following this line of thought, let's look at the login interface. The following figure shows the specific interface called when logging in.

As shown in the figure, both the request interface and the request parameters are available, but the parameters are obviously encrypted data.

Let's go on to understand the general login process. I did not investigate it in depth; what follows is based on my own experience.

  • Slide verification process

  • Login process, during which the user name and password are encrypted

So there are two things you need to do to successfully log in via script:

  1. Construction of sliding captcha request parameters
  2. Login interface request parameter construction

If you study the Nuggets front-end code carefully, you will find some clues. However, given the amount of front-end code and the dynamically loaded JS, the time spent may well not be proportional to the payoff. Died at the age of 28.

PS: The cracking idea provided here is feasible. I hope readers with the ability can work it out, and we can discuss it together.

Conclusion

The Nuggets login has two fairly important features:

  • The slider CAPTCHA verifies that the operator is a real user.
  • The user information is encrypted at the front end and decrypted at the back end to prevent plaintext transmission during login.

The combination of the two provides a relatively secure way to log in, which destroys most programmers' dreams of logging in to Nuggets directly from a program.
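A generic sketch of the server-side gate that makes a bare scripted login POST fail, added here as an example (it is not code from the original post and not Nuggets' actual implementation). The token format and the names `issue_captcha_token`, `check_captcha_token` and `handle_login` are assumptions: a token is issued only after the slider check passes, and the login handler accepts it only if it is authentic, bound to the same session, fresh and unused.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for the demo)
TOKEN_TTL = 120                       # seconds a solved challenge stays valid (assumed)
_used_nonces = set()                  # nonces already redeemed; enforces single use

def _sign(session_id, nonce, issued):
    msg = f"{session_id}|{nonce}|{issued}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_captcha_token(session_id, now=None):
    """Issue a token; call this only after the slider check passed for this session."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    return f"{nonce}.{issued}.{_sign(session_id, nonce, issued)}"

def check_captcha_token(session_id, token, now=None):
    """Return (ok, reason): authentic, same session, fresh and not yet used."""
    now = int(time.time() if now is None else now)
    try:
        nonce, issued_s, mac = token.split(".")
        issued = int(issued_s)
    except (AttributeError, ValueError):
        return False, "malformed"          # missing token or wrong shape
    expected = _sign(session_id, nonce, issued)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad-signature"      # forged, or issued to another session
    if now - issued > TOKEN_TTL:
        return False, "expired"
    if nonce in _used_nonces:
        return False, "replayed"
    _used_nonces.add(nonce)                # consumed even if the password is wrong
    return True, "ok"

def handle_login(session_id, form, verify_password, now=None):
    """Login POST handler: the captcha gate runs before credentials are examined."""
    ok, reason = check_captcha_token(session_id, form.get("captcha_token"), now)
    if not ok:
        return 403, f"captcha:{reason}"
    if not verify_password(form.get("user"), form.get("password")):
        return 401, "bad-credentials"
    return 200, "logged-in"
```

Because the nonce is consumed on every attempt, each password guess costs one solved challenge, which is what turns the slider into a rate limit on credential guessing.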

So if you want to automate publishing, you need to find a different way to get there.